Wednesday, July 9, 2014

The New Snort.org is here!

When the Cisco acquisition was announced, we created a list of things we wanted to accomplish right away, and right at the top of that list was a complete refresh of the outward facing platforms. The old snort.org was written in 2005. Except for moving to AWS several years ago, largely, it was the only major update to the system in those 9 years.

We wanted to design a snort.org that provided a next-level user and purchase experience as well as the ability to roll out new product offerings in the future and have one hub for all of it.

We’ve tried to make the user experience as optimal as possible, so I thought I’d run down a few housekeeping notes:

  • Layout
    • Much cleaner!  You’ll notice as you navigate around the site, a very simple layout.  We’ve moved most of the content from the old site over, so you should be able to find just about everything.  
    • All documentation for the rules is now available via the search field at the top left of every page.  Type in what you are looking for, hit enter.  No special syntax is needed for the GID and SID anymore, even though it’s still supported.
    • Almost everything on the site is accessible by two clicks.  There are some exceptions of course, but we tried to keep it as simple as possible.
  • User Management
    • We've eliminated the concept of a separate username apart from your email address. All usernames are now simply your email address.  If you do not know the email address assigned to your account, or if all you have is your oinkcode, you may contact us at snort-site@cisco.com and we'll help you out.
    • Passwords have been moved over from the old system intact. You can reset them at anytime.
    • Oinkcodes can now be reset.  If you accidentally post your Oinkcode on the mailing list or in a bug report, you can go in and click a button to regenerate it.
  • Purchasing Process
    • The whole process has been vastly simplified.
      • No longer do you have to move between pages to make a purchase, or receive a generic error.  You enter your credit card on the site, and it is stored as a token.  The actual credit card number is stored with our credit card vendor.  At no time does your credit card ever touch snort.org
      • The two tier pricing structure has been eliminated. No longer is there the "499$ for 1-5 sensors”. Our pricing structure is now 399$ for a business license across the board. 
      • Your card will be automatically charged annually for your purchase unless you cancel, this is new.  We've had this in the license for sometime, but the old website didn't have the capability.  You will receive two reminders of the expiration of your subscription.  30 days before expiration, and 7 days before.

New Features:

  • Rules
    • The “Snort Subscriber Rule Set”, has had three components for years.  Community, Registered, and Subscriber.  However, we’ve changed the way that the “Registered Rules” offering works.
    • Registered Rules
      • Up until now, the Registered Rule Set was 30 days behind.  This included new and updated content.  No longer!
      • Now, only new content isn’t included.  This means, if we make an update to an older rule, Registered Rule Subscribers get the new updates right away.  After 30 days the "new" content will be made available to Registered users as well.

  • PulledPork URLs
    • The URL structure for the rules is simpler.  We will still support the present/older format for about a year.  We can’t support the format forever, we still have people trying to download version 2.2 of the Snort ruleset once an hour, even though the ruleset hasn’t existed in almost 10 years!
  • All new “Get Started” Section
    • Choose your platform, Copy and paste the commands, done.




We are very enthusiastic about the new site and its future roadmap.  If you have suggestions, feedback, ideas or even compliments, please send them our way at snort-site@cisco.com and we'll take a look!

NOTE:  DNS will take a bit to update, so not everyone will see the site at the same time.  Be patient for us!